WordPress.org

Make WordPress Core

Changeset 46105


Ignore:
Timestamp:
09/13/2019 10:19:34 PM (2 months ago)
Author:
jorbin
Message:

GENERAL: Remove magic quote functions

The path to magic quote sanity took a fun and exciting turn: PHP core removed it and WordPress updated the minimum version.

For the formally external pclzip, the code is commented out to make investigating easier and in case we ever need to merge upstream (if that still exists) changes.

Props ayeshrajans, jrf, jorbin.
See #47783.
Fixes #18322.

Location:
trunk/src
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-pclzip.php

    r38101 r46105  
    53275327    $v_result=1;
    53285328
     5329    // EDIT for WordPress 5.3.0
     5330    // magic_quote functions are deprecated in PHP 7.4, now assuming it's always off.
     5331    /*
     5332
    53295333    // ----- Look if function exists
    53305334    if (   (!function_exists("get_magic_quotes_runtime"))
     
    53455349      @set_magic_quotes_runtime(0);
    53465350    }
     5351    */
    53475352
    53485353    // ----- Return
     
    53605365  {
    53615366    $v_result=1;
     5367
     5368    // EDIT for WordPress 5.3.0
     5369    // magic_quote functions are deprecated in PHP 7.4, now assuming it's always off.
     5370    /*
    53625371
    53635372    // ----- Look if function exists
     
    53775386    }
    53785387
     5388    */
    53795389    // ----- Return
    53805390    return $v_result;
  • trunk/src/wp-includes/formatting.php

    r45990 r46105  
    27142714 */
    27152715function addslashes_gpc( $gpc ) {
    2716     if ( get_magic_quotes_gpc() ) {
    2717         $gpc = stripslashes( $gpc );
    2718     }
    2719 
    27202716    return wp_slash( $gpc );
    27212717}
     
    47834779 * Parses a string into variables to be stored in an array.
    47844780 *
    4785  * Uses {@link https://secure.php.net/parse_str parse_str()} and stripslashes if
    4786  * {@link https://secure.php.net/magic_quotes magic_quotes_gpc} is on.
    47874781 *
    47884782 * @since 2.2.1
     
    47934787function wp_parse_str( $string, &$array ) {
    47944788    parse_str( $string, $array );
    4795     if ( get_magic_quotes_gpc() ) {
    4796         $array = stripslashes_deep( $array );
    4797     }
     4789
    47984790    /**
    47994791     * Filters the array of variables derived from a parsed string.
  • trunk/src/wp-includes/load.php

    r45932 r46105  
    926926 */
    927927function wp_magic_quotes() {
    928     // If already slashed, strip.
    929     if ( get_magic_quotes_gpc() ) {
    930         $_GET    = stripslashes_deep( $_GET );
    931         $_POST   = stripslashes_deep( $_POST );
    932         $_COOKIE = stripslashes_deep( $_COOKIE );
    933     }
    934 
    935928    // Escape with wpdb.
    936929    $_GET    = add_magic_quotes( $_GET );
  • trunk/src/wp-includes/rest-api/class-wp-rest-request.php

    r45932 r46105  
    691691
    692692        /*
    693          * Amazingly, parse_str follows magic quote rules. Sigh.
    694          *
    695          * NOTE: Do not refactor to use `wp_unslash`.
    696          */
    697         if ( get_magic_quotes_gpc() ) {
    698             $params = stripslashes_deep( $params );
    699         }
    700 
    701         /*
    702693         * Add to the POST parameters stored internally. If a user has already
    703694         * set these manually (via `set_body_params`), don't override them.
Note: See TracChangeset for help on using the changeset viewer.